package com.github.cooingandwooing.securityapp;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * 配置安全策略
 * @author zhuqiang
 * @version 1.0.1 2018/8/7 16:02
 * @date 2018/8/7 16:02
 * @since 1.0
 */
// 不知道需要这个不
// @EnableWebSecurity(debug=true) //额外日志输出
@Configuration
public class MyWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.httpBasic();
        // 这里可以配置对资源的 auth验证  authorizeRequsts  antMatchers hasAuthority anyRequest().autherticated()
        // 下面函数式写法
        http.authorizeRequests(req -> req.antMatchers("/api/**").authenticated())
                .formLogin(form -> form.disable())
                .httpBasic(Customizer.withDefaults())
                .csrf(csrf -> csrf.disable());
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {


    }
}
